(1) Field of the Invention
The present invention relates to a secure device that prevents an unauthorized use of digital contents and an unauthorized act in Electronic Commerce (EC) or Mobile EC.
(2) Description of the Related Art
In recent years, various electronic information services have become widespread. The electronic information services include a contents distribution service and Mobile Electronic Commerce (EC) in which users can receive music contents or moving-picture contents via a network such as the Internet.
In such electronic information services, technologies such as (a) contents protection technology for preventing unauthorized use of contents and (b) EC protection technology such as authentication technology and billing technology for Mobile EC are indispensable. Recently, secure devices providing such technologies have been developed and provided for use.
Users can attach such secure devices to their mobile phones, go outside with mobile phones, and receive the contents distribution service or conduct business transactions in the Mobile EC safely on the road.
In regard to the secure devices, “Secure MultiMedia Card for Contents Distribution/Mobile Commerce” (by Jun Miyake, Harutsugu Ishihara, and Ryuji Tsunehiro, Hitachi Hyoron, October 2001 issue) discloses a Secure MultiMedia Card (SMMC) that includes both contents protection technology and EC protection technology.
The secure devices have functions which are effective in EC and are equivalent to the user's signature or a registered personal seal in ordinary commerce. The secure devices also store, for example, (i) information that the user wants no one to know and (ii) a secret key which is used to decrypt an encrypted electronic mail.
Accordingly, if the user loses the secure device or has it stolen, there is a fear that a malicious third party may use the secure device without the user's authorization to cause economic damage to the user, or might get to know information that the user wants no one to know.
Under such circumstances, secure devices having functions to prevent a third party from using a secure device without authorization have come on the market. For example, such a secure device has a function to authenticate the user by biological information like fingerprints, or by a password.
For example, Japanese Patent Publication No. 3-65589 discloses a method that compares secret data such as a password input from the outside with data having been stored inside, and permits the secure device to be used only if the two pieces of data match.
In the above method, however, the user is required to memorize the secret data as a “pass phrase” to input it into the secure device. For the pass phrase, users often select a numeral sequence or the like that can be memorized easily. This makes it easy for a third party to guess the pass phrase.
Also, when biological information such as a fingerprint is used, an apparatus for reading the biological information is required. This would increase the cost.
It is therefore desirable to deactivate secure devices if they are lost or stolen.
Japanese Patent Publication No. 4-44314 discloses a personal mobile card that has a memory for storing the use history of the user and prohibits the use of its functions if a certain operation fails a certain number of times.
Also, Japanese Laid-Open Patent Application No. 11-177682 discloses a method in which deactivation data and an identification code of a user such as a user's telephone number are stored beforehand in an IC card that is to be inserted into a wireless communication device such as a mobile phone, and if the user loses the IC card, the user transmits the deactivation data from another telephone terminal to the IC card, namely to a communication terminal in which the IC card is inserted, using the identification code (telephone number) as the destination. Upon receiving the deactivation data, the IC card compares the received deactivation data with the deactivation data having, been stored inside beforehand and prohibits the functions of the card from being used if the two pieces of deactivation data match.
In the above method, however, it is presumed that the IC card is a SIM (Subscribe Identification Module) that is provided only to a subscriber of a telephone system and communication is possible only when an identification code, which is issued by a communication provider and unique to the subscriber, is used as the destination. With this method, however, the usage of the IC card is limited to a pattern in which only the identification code is used as the communication destination, when the communications should be made with high-level security.
From the standpoint of users, however, it is not desirable that the secure device be limited to a usage pattern in which only an identification code issued by a particular communication provider is used. It is desirable, for example, that a user can conduct business transactions in EC by inserting a secure device into a mobile phone on one occasion, can encrypt electronic mail by inserting the same secure device into an Internet terminal on another occasion, and can deactivate the secure device regardless of the usage pattern or the communication terminal into which the secure device is inserted.